Date: Tue, 22 May 2012 11:25:33 -0400 From: Jason Hellenthal <jhellenthal@dataix.net> To: mahdieh salamat <mahdieh.salamat@gmail.com> Cc: freebsd-geom@freebsd.org Subject: Re: Lock FreeBSD partitions Message-ID: <20120522152533.GA7139@DataIX.net> In-Reply-To: <CAL5m1BtkcEkdJSdwK_m8kT6AKm_T1DJVY8XtkeHGDtc5ky8GUQ@mail.gmail.com> References: <CAL5m1BtkcEkdJSdwK_m8kT6AKm_T1DJVY8XtkeHGDtc5ky8GUQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 22, 2012 at 12:05:49AM -0700, mahdieh salamat wrote: > Hi all. I don't know I should ask my question here or not,I want to lock my > partitons by geli or gbde, but I want that after boot users don't force to > enter the passphrase. In other wise the partitions are locked but seems > that they aren't lock. I need it for security that if any one try to mount > partitions by CD or flash can't do it. > Thanks You are best off using a USB thumb drive as a place of storage for encryption keys with no passwords. As long as the thumb drive is available and mounted then the keys will be available for the encrypted partition to use. The user could also keep a key in their home directory that would allow them to mount the partition as well but only after the machine has been booted and unencrypted by use of the USB thumb drive. Just one way to look at it. Hope it helps. -- - (2^(N-1))
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120522152533.GA7139>